Spring安全密码hash + salt [英] Spring security password hash + salt

问题描述

我正在使用以明文形式存储密码的遗留应用程序。我已将应用程序移植到spring 3 mvc + security。我还成功地使用sha256 + salt基于用户名获得了Spring安全性处理认证和授权。这一切都很好，但作为部署的一部分，我将需要迁移现有数据库以使用新密码模式。我不确定Spring安全性如何使用salt进行密码散列，因此我无法编写可用于将旧明文密码迁移到新sha256 + salt模式的sql脚本。是否有任何文档或资源可用于解决这个问题？

I am working with a legacy application that stored passwords in plaintext. I have ported the application to spring 3 mvc + security. I have also successfully gotten spring security handling the authentication and authorization using sha256 + a salt based on the username. This all works great, however as part of the deployment, I will need to migrate the existing database to use the new password schema. I am not sure how spring security does it's password hashing with a salt, so i am unable to write a sql script that can be used to migrate the old plaintext passwords to the new sha256+salt schema. Is there any documentation or resources that I can use to figure this out?

推荐答案

这在 BasePasswordEncoder ：

生成的密码将采用的形式密码{salt} 。

因此，在您的情况下，您可以使用以下简单代码计算盐渍密码：

So in your case you can compute the salted password using this simple code:

new ShaPasswordEncoder(256).encodePassword(oldPassword, randomSalt)

注： ShaPasswordEncoder extends BasePasswordEncoder 。

这篇关于Spring安全密码hash + salt的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！